Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Big Sam Web Root Disclosure Vulnerability

Big Sam Web Root Disclosure Vulnerability

by Nikola Strahija on March 21st, 2002 Big Sam is a stand along guestbook application written in PHP. It was originally developed for Linux, but may operate under a wide range of Unix and Windows platforms.


A vulnerability has been reported in some versions of Big Sam. If an extremely large parameter is passed to the script, execution may result in excessive resource consumption or in an error message. The error message will contain the full path to the web root. The outcome of exploitation has been reported to depend on the server configuration.

Remote: Yes

Exploit: No

Solution: An updated version is available:


Big Sam Big Sam 1.1.08:

Big Sam Upgrade bigsam.1_1_09.php.txt
http://zadrozynski.free.fr/bigsam/bigsam.1_1_09.php.txt





Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »